U.S. indicts four Chinese military members for 2017 Equifax breach

The U.S. Department of Justice has accused Chinese military personnel of hacking into the computer systems of Equifax, a credit reporting agency, in 2017.

The indictment alleges four members of China’s People’s Liberation Army (PLA) engaged in a three-month-long campaign to steal personal information of approximately 145 million Americans, and valuable trade secrets of the company, namely its data compilations and database designs. 

Wu Zhiyong,  Liu Lei, Xu Ke, and Wang Qian were members of the PLA’s 54th Research Institute, which is a component of the military of China. The four accused allegedly conspired with each other to hack into the computer networks of Equifax, maintain unauthorized access to those systems, and steal personal information of around 145 million American victims, The U.S. Department of Justice noted in a press release today

The investigation was carried out jointly by the U.S. Attorney’s Office for the Northern District of Georgia, FBI’S Atlanta Field Office, and the Criminal and National Security Divisions of the Department of Justice. The FBI’s Cyber Division also provided support. 

“This was an organized and remarkably brazen criminal heist of sensitive information of nearly half of all Americans, as well as the hard work and intellectual property of an American company, by a unit of the Chinese military,” said U.S. Attorney General William P. Barr who made the announcement. 

The indictment states that the defendants took advantage of a vulnerability in the Apache Struts Web Framework software used by the online dispute portal of Equifax. This access was used by the defendants to reconnaissance the portal as well as to get hold of the login credentials that could be used for further navigation of Equifax’s network. 

“The defendants spent several weeks running queries to identify Equifax’s database structure and searching for sensitive, personally identifiable information within Equifax’s system. Once they accessed files of interest, the conspirators then stored the stolen information in temporary output files, compressed and divided the files, and ultimately were able to download and exfiltrate the data from Equifax’s network to computers outside the United States. In total, the attackers ran approximately 9,000 queries on Equifax’s system, obtaining names, birth dates and social security numbers for nearly half of all American citizens,” read the press release. 

The indictment also states that the defendants routed traffic through around 34 servers located in approximately 20 countries to obfuscate their true location, used encrypted communication channels within Equifax’s network to blend in with normal network activity, and wiped log files and deleted compressed files on a daily basis for eliminating records of their activity.

The defendants were charged with three counts of conspiracy to commit wire fraud, conspiracy to commit computer fraud, and conspiracy to commit economic espionage. In addition, they have also been charged with two counts of unauthorized access and intentional damage to a protected computer, three counts of wire fraud, and one count of economic espionage.

“Today, we hold PLA hackers accountable for their criminal actions, and we remind the Chinese government that we have the capability to remove the Internet’s cloak of anonymity and find the hackers that nation repeatedly deploys against us. Unfortunately, the Equifax hack fits a disturbing and unacceptable pattern of state-sponsored computer intrusions and thefts by China and its citizens that have targeted personally identifiable information, trade secrets, and other confidential information,” said Barr.

These are just allegations, and the defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of law.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Pragya Sehgal
Pragya Sehgal
Born and raised in the capital city of India - Delhi - bounded by the river Yamuna on the west, Pragya has climbed the Himalayas, and survived medical professional stream in high school without becoming a patient or a doctor. Pragya now makes her home in Canada with her husband - a digital/online marketing fanatic who also loves to prepare delicious meals for her. When she isn’t working or writing around tech, she’s probably watching art films on Netflix, or wondering whether she should cut her hair short or not. Can be contacted at psehgal@itwc.ca or 647.695.3494.

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now